<!DOCTYPE html>


  <html class="dark page-post">


<head><meta name="generator" content="Hexo 3.9.0">
  <meta charset="utf-8">
  
  <title>web开发中跨域解决方案 | Poetry&#39;s Blog</title>

  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">

  
    <meta name="keywords" content="JavaScript,跨域,">
  

  <meta name="description" content="什么是跨域？  概念如下：只要协议、域名、端口有任何一个不同，都被当作是不同的域  下面是具体的跨域情况详解    URL 说明 是否允许通信     http://www.a.com/a.js、http://www.a.com/b.js 同一域名下 允许   http://www.a.com/lab/a.js、http://www.a.com/script/b.js 同一域名下不同文件夹 允许">
<meta name="keywords" content="JavaScript,跨域">
<meta property="og:type" content="article">
<meta property="og:title" content="web开发中跨域解决方案">
<meta property="og:url" content="http://blog.poetries.top/2017/09/17/cross-domain/index.html">
<meta property="og:site_name" content="Poetry&#39;s Blog">
<meta property="og:description" content="什么是跨域？  概念如下：只要协议、域名、端口有任何一个不同，都被当作是不同的域  下面是具体的跨域情况详解    URL 说明 是否允许通信     http://www.a.com/a.js、http://www.a.com/b.js 同一域名下 允许   http://www.a.com/lab/a.js、http://www.a.com/script/b.js 同一域名下不同文件夹 允许">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2020-08-15T04:25:31.902Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="web开发中跨域解决方案">
<meta name="twitter:description" content="什么是跨域？  概念如下：只要协议、域名、端口有任何一个不同，都被当作是不同的域  下面是具体的跨域情况详解    URL 说明 是否允许通信     http://www.a.com/a.js、http://www.a.com/b.js 同一域名下 允许   http://www.a.com/lab/a.js、http://www.a.com/script/b.js 同一域名下不同文件夹 允许">

  

  
    <link rel="icon" href="/favicon.ico">
  

  <link href="/css/styles.css?v=c114cbeddx" rel="stylesheet">
<link href="/css/other.css?v=c114cbeddx" rel="stylesheet">


  
    <link rel="stylesheet" href="/css/personal-style.css">
  

  

  
  <script type="text/javascript">
    var _hmt = _hmt || [];
    (function() {
      var hm = document.createElement("script");
      hm.src = "//hm.baidu.com/hm.js?40b1f89aa80f2527b3db779c6898c879";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
  </script>


  
  <script type="text/javascript">
	(function(){
	    var bp = document.createElement('script');
	    var curProtocol = window.location.protocol.split(':')[0];
	    if (curProtocol === 'https') {
	        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';        
	    }
	    else {
	        bp.src = 'http://push.zhanzhang.baidu.com/push.js';
	    }
	    var s = document.getElementsByTagName("script")[0];
	    s.parentNode.insertBefore(bp, s);
	})();
  </script>



  
    <script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
    <link rel="stylesheet" href="//cdn.bootcss.com/font-awesome/4.3.0/css/font-awesome.min.css">
  

  <!-- 聊天系统 -->
  
    
   <link type="text/css" rel="stylesheet" href="/renxi/default.css">
   <style>
      #modal {
        position: static !important;
      }
      .filter {
        width: 100%;
        height: 100%;
        position: absolute;
        top: 0;
        left: 0;
        background: #fe5757;
        animation: colorChange 30s ease-in-out infinite;
        animation-fill-mode: both;
        mix-blend-mode: overlay;
      }
  
      @keyframes colorChange {
        0%, 100% {
            opacity: 0;
        }
        50% {
            opacity: .9;
        }
      }
   </style>
</head>
</html>
<body>
  
  
    <span id="toolbox-mobile" class="toolbox-mobile">导航</span>
  

  <div class="post-header CENTER">
   
  <div class="toolbox">
    <a class="toolbox-entry" href="/">
      <span class="toolbox-entry-text">导航</span>
      <i class="icon-angle-down"></i>
      <i class="icon-home"></i>
    </a>
    <ul class="list-toolbox">
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/archives/"
            rel="noopener noreferrer"
            target="_self"
            >
            博客
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/categories/"
            rel="noopener noreferrer"
            target="_self"
            >
            分类
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/tags/"
            rel="noopener noreferrer"
            target="_self"
            >
            标签
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/search/"
            rel="noopener noreferrer"
            target="_self"
            >
            搜索
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/link/"
            rel="noopener noreferrer"
            target="_self"
            >
            友链
          </a>
        </li>
      
        <li class="item-toolbox">
          <a
            class="CIRCLE"
            href="/about/"
            rel="noopener noreferrer"
            target="_self"
            >
            关于
          </a>
        </li>
      
    </ul>
  </div>


</div>


  <div id="toc" class="toc-article">
    <strong class="toc-title">文章目录<i class="iconfont toc-title" style="display:inline-block;color:#87998d;width:20px;height:20px;">&#xf004b;</i></strong>
    <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#一、document-domain跨域"><span class="toc-text">一、document.domain跨域</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#二、有src的标签"><span class="toc-text">二、有src的标签</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#三、JSONP"><span class="toc-text">三、JSONP</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#四、navigation-对象"><span class="toc-text">四、navigation 对象</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#五、跨域资源共享（CORS）"><span class="toc-text">五、跨域资源共享（CORS）</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#六、window-postMessage"><span class="toc-text">六、window.postMessage</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#七、访问控制安全的讨论"><span class="toc-text">七、访问控制安全的讨论</span></a></li></ol>
  </div>
  




<div class="content content-post CENTER">
   <!-- canvas 彩带 -->
<canvas id="evanyou" width="1302" height="678" style="position: fixed;width: 100%;height: 100%;top: 0;left:0;z-index:-1;"></canvas>

<article id="post-cross-domain" class="article article-type-post" itemprop="blogPost">
  <header class="article-header" style="position:relative;">
    <h1 class="post-title">web开发中跨域解决方案</h1>

    <div class="article-meta">
      <span>
        <i class="icon-calendar"></i>
        <span>2017.09.17</span>
      </span>

      
        <span class="article-author">
          <i class="icon-user"></i>
          <span>Poetry</span>
        </span>
      

      
  <span class="article-category">
    <i class="icon-list"></i>
    <a class="article-category-link" href="/categories/Front-End/">Front-End</a>
  </span>



      

      
      <i class="fa fa-eye"></i> 
        <span id="busuanzi_container_page_pv">
           &nbsp热度 <span id="busuanzi_value_page_pv">
           <i class="fa fa-spinner fa-spin"></i></span>℃
        </span>
      
      
       
          <span class="post-count">
            <i class="fa fa-file-word-o"></i>&nbsp
            <span>字数统计 1.8k字</span>
          </span>

          <span class="post-count">
            <i class="fa fa-columns"></i>&nbsp
            <span>阅读时长 7分</span>
          </span>
      
      
    </div>

    <i class="iconfont" id="toc-eye" style="display:inline-block;color:#b36619;position:absolute;top:0;right:0;cursor:pointer;
    font-size: 24px;">&#xe61c;</i>

  </header>

  <div class="article-content">
    
      <div id="container">
        <p><strong>什么是跨域？</strong></p>
<ul>
<li>概念如下：只要协议、域名、端口有任何一个不同，都被当作是不同的域</li>
</ul>
<p><strong>下面是具体的跨域情况详解</strong></p>
<table>
<thead>
<tr>
<th>URL</th>
<th>说明</th>
<th>是否允许通信</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="http://www.a.com/a.js、http://www.a.com/b.js" target="_blank" rel="noopener">http://www.a.com/a.js、http://www.a.com/b.js</a></td>
<td>同一域名下</td>
<td>允许</td>
</tr>
<tr>
<td><a href="http://www.a.com/lab/a.js、http://www.a.com/script/b.js" target="_blank" rel="noopener">http://www.a.com/lab/a.js、http://www.a.com/script/b.js</a></td>
<td>同一域名下不同文件夹</td>
<td>允许</td>
</tr>
<tr>
<td><a href="http://www.a.com:8000/a.js、http://www.a.com/b.js" target="_blank" rel="noopener">http://www.a.com:8000/a.js、http://www.a.com/b.js</a></td>
<td>同一域名，不同端口</td>
<td>不允许</td>
</tr>
<tr>
<td><a href="http://www.a.com/a.js、https://www.a.com/b.js" target="_blank" rel="noopener">http://www.a.com/a.js、https://www.a.com/b.js</a></td>
<td>同一域名，不同协议</td>
<td>不允许</td>
</tr>
<tr>
<td><a href="http://www.a.com/a.js、http://70.32.92.74/b.js" target="_blank" rel="noopener">http://www.a.com/a.js、http://70.32.92.74/b.js</a></td>
<td>域名和域名对应ip</td>
<td>不允许</td>
</tr>
<tr>
<td><a href="http://www.a.com/a.js、http://script.a.com/b.js" target="_blank" rel="noopener">http://www.a.com/a.js、http://script.a.com/b.js</a></td>
<td>主域相同，子域不同</td>
<td>不允许（cookie这种情况下也不允许访问）</td>
</tr>
<tr>
<td><a href="http://www.a.com/a.js、http://a.com/b.js" target="_blank" rel="noopener">http://www.a.com/a.js、http://a.com/b.js</a></td>
<td>同一域名，不同二级域名（同上）</td>
<td>不允许（cookie这种情况下也不允许访问）</td>
</tr>
<tr>
<td><a href="http://www.cnblogs.com/a.js、http://www.a.com/b.js" target="_blank" rel="noopener">http://www.cnblogs.com/a.js、http://www.a.com/b.js</a></td>
<td>不同域名</td>
<td>不允许</td>
</tr>
</tbody>
</table>
<h2 id="一、document-domain跨域"><a href="#一、document-domain跨域" class="headerlink" title="一、document.domain跨域"></a>一、document.domain跨域</h2><hr>
<ul>
<li>原理：相同主域名不同子域名下的页面，可以设置<code>document.domain</code>让它们同域</li>
<li>限制：同域<code>document</code>提供的是页面间的互操作，需要载入<code>iframe</code>页面</li>
</ul>
<blockquote>
<p>下面几个域名下的页面都是可以通过<code>document.domain</code>跨域互操作的： <code>http://a.com/foo</code>, <code>http://b.a.com/bar</code>, <code>http://c.a.com/bar</code>。 但只能以页面嵌套的方式来进行页面互操作，比如常见的<code>iframe</code>方式就可以完成页面嵌套</p>
</blockquote>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL http://a.com/foo</span></span><br><span class="line"><span class="keyword">var</span> ifr = <span class="built_in">document</span>.createElement(<span class="string">'iframe'</span>);</span><br><span class="line">ifr.src = <span class="string">'http://b.a.com/bar'</span>; </span><br><span class="line">ifr.onload = <span class="function"><span class="keyword">function</span>(<span class="params"></span>)</span>&#123;</span><br><span class="line">    <span class="keyword">var</span> ifrdoc = ifr.contentDocument || ifr.contentWindow.document;</span><br><span class="line">    ifrdoc.getElementsById(<span class="string">"foo"</span>).innerHTML);</span><br><span class="line">&#125;;</span><br><span class="line"></span><br><span class="line">ifr.style.display = <span class="string">'none'</span>;</span><br><span class="line"><span class="built_in">document</span>.body.appendChild(ifr);</span><br></pre></td></tr></table></figure>
<ul>
<li>上述代码所在的<code>URL</code>是<code>http://a.com/foo</code>，它对<code>http://b.a.com/bar</code>的<code>DOM</code>访问要求后者将 <code>document.domain</code>往上设置一级</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL http://b.a.com/bar</span></span><br><span class="line"><span class="built_in">document</span>.domain = <span class="string">'a.com'</span></span><br></pre></td></tr></table></figure>
<ul>
<li><code>document.domain</code>只能从子域设置到主域，往下设置以及往其他域名设置都是不允许的， 在<code>Chrome</code>中给出的错误是这样的</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line">Uncaught DOMException: Failed to <span class="keyword">set</span> the 'domain' property on 'Document': 'baidu.com' is not a suffix of 'b.a.com'</span><br></pre></td></tr></table></figure>
<h2 id="二、有src的标签"><a href="#二、有src的标签" class="headerlink" title="二、有src的标签"></a>二、有src的标签</h2><hr>
<ul>
<li>原理：所有具有<code>src</code>属性的<code>HTML</code>标签都是可以跨域的，包括<code>&lt;img&gt;</code>, <code>&lt;script&gt;</code></li>
<li>限制：需要创建一个<code>DOM</code>对象，只能用于<code>GET</code>方法</li>
</ul>
<blockquote>
<ul>
<li>在<code>document.body</code>中<code>append</code>一个具有<code>src</code>属性的<code>HTML</code>标签， <code>src</code>属性值指向的<code>URL</code>会以<code>GET</code>方法被访问，该访问是可以跨域的 </li>
<li>其实样式表的<code>&lt;link&gt;</code>标签也是可以跨域的，只要是有<code>src</code>或<code>href</code>的<code>HTML</code>标签都有跨域的能力</li>
</ul>
</blockquote>
<ul>
<li>不同的<code>HTML</code>标签发送<code>HTTP</code>请求的时机不同，例如<code>&lt;img&gt;</code>在更改<code>src</code>属性时就会发送请求，而<code>script</code>, <code>iframe</code>, <code>link[rel=stylesheet]</code>只有在添加到<code>DOM</code>树之后才会发送<code>HTTP</code>请求：</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="keyword">var</span> img = <span class="keyword">new</span> Image();</span><br><span class="line">img.src = <span class="string">'http://some/picture'</span>;        <span class="comment">// 发送HTTP请求</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> ifr = $(<span class="string">'&lt;iframe&gt;'</span>, &#123;<span class="attr">src</span>: <span class="string">'http://b.a.com/bar'</span>&#125;);</span><br><span class="line">$(<span class="string">'body'</span>).append(ifr);                  <span class="comment">// 发送HTTP请求</span></span><br></pre></td></tr></table></figure>
<h2 id="三、JSONP"><a href="#三、JSONP" class="headerlink" title="三、JSONP"></a>三、JSONP</h2><hr>
<ul>
<li>原理：<code>&lt;script&gt;</code>是可以跨域的，而且在跨域脚本中可以直接回调当前脚本的函数</li>
<li>限制：需要创建一个<code>DOM</code>对象并且添加到<code>DOM</code>树，只能用于<code>GET</code>方法</li>
</ul>
<blockquote>
<p><code>JSONP</code>利用的是<code>&lt;script&gt;</code>可以跨域的特性，跨域<code>URL</code>返回的脚本不仅包含数据，还包含一个回调</p>
</blockquote>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL: http://b.a.com/foo</span></span><br><span class="line"><span class="keyword">var</span> data = &#123;</span><br><span class="line">    foo: <span class="string">'bar'</span>,</span><br><span class="line">    bar: <span class="string">'foo'</span></span><br><span class="line">&#125;;</span><br><span class="line">callback(data);</span><br></pre></td></tr></table></figure>
<ul>
<li>然后在我们在主站<code>http://a.com</code>中，可以这样来跨域获取<code>http://b.a.com</code>的数据：</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL: http://a.com/foo</span></span><br><span class="line"><span class="keyword">var</span> callback = <span class="function"><span class="keyword">function</span>(<span class="params">data</span>)</span>&#123;</span><br><span class="line">    <span class="comment">// 处理跨域请求得到的数据</span></span><br><span class="line">&#125;;</span><br><span class="line"><span class="keyword">var</span> script = $(<span class="string">'&lt;script&gt;'</span>, &#123;<span class="attr">src</span>: <span class="string">'http://b.a.com/bar'</span>&#125;);</span><br><span class="line">$(<span class="string">'body'</span>).append(script);</span><br></pre></td></tr></table></figure>
<ul>
<li>其实<code>jQuery</code>已经封装了<code>JSONP</code>的使用，我们可以这样来</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line">$.getJSON( <span class="string">"http://b.a.com/bar?callback=callback"</span>, <span class="function"><span class="keyword">function</span>(<span class="params"> data </span>)</span>&#123;</span><br><span class="line">    <span class="comment">// 处理跨域请求得到的数据</span></span><br><span class="line">&#125;);</span><br></pre></td></tr></table></figure>
<blockquote>
<p><code>$.getJSON</code>与<code>$.get</code>的区别是前者会把<code>responseText</code>转换为<code>JSON</code>，而且当<code>URL</code>具有<code>callback</code>参数时， <code>jQuery</code>将会把它解释为一个<code>JSONP</code>请求，创建一个<code>&lt;script&gt;</code>标签来完成该请求</p>
</blockquote>
<h2 id="四、navigation-对象"><a href="#四、navigation-对象" class="headerlink" title="四、navigation 对象"></a>四、navigation 对象</h2><hr>
<ul>
<li>原理：<code>iframe</code>之间是共享<code>navigator</code>对象的，用它来传递信息</li>
<li>要求：<code>IE6/7</code></li>
</ul>
<blockquote>
<p>有些人注意到了<code>IE6/7</code>的一个漏洞：<code>iframe</code>之间的<code>window.navigator</code>对象是共享的。 我们可以把它作为一个<code>Messenger</code>，通过它来传递信息。比如一个简单的委托：</p>
</blockquote>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// a.com</span></span><br><span class="line">navigation.onData()&#123;</span><br><span class="line">    <span class="comment">// 数据到达的处理函数</span></span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">typeof</span> navigation.getData === <span class="string">'function'</span> </span><br><span class="line">    || navigation.getData()</span><br></pre></td></tr></table></figure>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// b.com</span></span><br><span class="line">navigation.getData = <span class="function"><span class="keyword">function</span>(<span class="params"></span>)</span>&#123;</span><br><span class="line">    $.<span class="keyword">get</span>('/path/under/b.com')</span><br><span class="line">        .success(function(data)&#123;</span><br><span class="line">            <span class="keyword">typeof</span> navigation.onData === <span class="string">'function'</span></span><br><span class="line">                || navigation.onData(data)</span><br><span class="line">        &#125;);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>与<code>document.navigator</code>类似，<code>window.name</code>也是当前窗口所有页面所共享的。也可以用它来传递信息。 同样蛋疼的办法还有传递<code>Hash</code>（有些人叫锚点），这是因为每次浏览器打开一个<code>URL</code>时，<code>URL</code>后面的<code>#xxx</code>部分会保留下来，那么新的页面可以从这里获得上一个页面的数据</p>
</blockquote>
<h2 id="五、跨域资源共享（CORS）"><a href="#五、跨域资源共享（CORS）" class="headerlink" title="五、跨域资源共享（CORS）"></a>五、跨域资源共享（CORS）</h2><hr>
<ul>
<li>原理：服务器设置<code>Access-Control-Allow-OriginHTTP</code>响应头之后，浏览器将会允许跨域请求</li>
<li>限制：浏览器需要支持<code>HTML5</code>，可以支持<code>POST</code>，<code>PUT</code>等方法</li>
</ul>
<blockquote>
<p>前面提到的跨域手段都是某种意义上的<code>Hack</code>， <code>HTML5</code>标准中提出的跨域资源共享（<code>Cross Origin Resource Share</code>，<code>CORS</code>）才是正道。 它支持其他的<code>HTTP</code>方法如<code>PUT</code>, <code>POST</code>等，可以从本质上解决跨域问题。</p>
</blockquote>
<ul>
<li>例如，从<code>http://a.com</code>要访问<code>http://b.com</code>的数据，通常情况下<code>Chrome</code>会因跨域请求而报错</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line">XMLHttpRequest cannot load http:<span class="comment">//b.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://a.com' is therefore not allowed access</span></span><br></pre></td></tr></table></figure>
<ul>
<li>错误原因是被请求资源没有设置<code>Access-Control-Allow-Origin</code>，所以我们在<code>b.com</code>的服务器中设置这个响应头字段即可</li>
</ul>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line">Access-Control-Allow-Origin: *              # 允许所有域名访问，或者</span><br><span class="line">Access-Control-Allow-Origin: http:<span class="comment">//a.com   # 只允许所有域名访问</span></span><br></pre></td></tr></table></figure>
<h2 id="六、window-postMessage"><a href="#六、window-postMessage" class="headerlink" title="六、window.postMessage"></a>六、window.postMessage</h2><hr>
<ul>
<li>原理：<code>HTML5</code>允许窗口之间发送消息</li>
<li>限制：浏览器需要支持<code>HTML5</code>，获取窗口句柄后才能相互通信</li>
</ul>
<blockquote>
<p>这是一个安全的跨域通信方法，<code>postMessage(message,targetOrigin)</code>也是<code>HTML5</code>引入的特性。 可以给任何一个<code>window</code>发送消息，不论是否同源。第二个参数可以是*但如果你设置了一个<code>URL</code>但不相符，那么该事件不会被分发。看一个普通的使用方式吧</p>
</blockquote>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL: http://a.com/foo</span></span><br><span class="line"><span class="keyword">var</span> win = <span class="built_in">window</span>.open(<span class="string">'http://b.com/bar'</span>);</span><br><span class="line">win.postMessage(<span class="string">'Hello, bar!'</span>, <span class="string">'http://b.com'</span>);</span><br></pre></td></tr></table></figure>
<figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">// URL: http://b.com/bar</span></span><br><span class="line"><span class="built_in">window</span>.addEventListener(<span class="string">'message'</span>,<span class="function"><span class="keyword">function</span>(<span class="params">event</span>) </span>&#123;</span><br><span class="line">    <span class="built_in">console</span>.log(event.data);</span><br><span class="line">&#125;);</span><br></pre></td></tr></table></figure>
<h2 id="七、访问控制安全的讨论"><a href="#七、访问控制安全的讨论" class="headerlink" title="七、访问控制安全的讨论"></a>七、访问控制安全的讨论</h2><hr>
<ul>
<li>在<code>HTML5</code>之前，<code>JSONP</code>已经成为跨域的事实标准了，<code>jQuery</code>都给出了支持。 值得注意的是它只是<code>Hack</code>，并没有产生额外的安全问题。 因为<code>JSONP</code>要成功获取数据，需要跨域资源所在服务器的配合，比如资源所在服务器需要自愿地回调一个合适的函数，所以服务器仍然有能力控制资源的跨域访问</li>
<li>跨域的正道还是要使用<code>HTML5</code>提供的CORS头字段以及<code>window.postMessage</code>， 可以支持<code>POST</code>, <code>PUT</code>等<code>HTTP</code>方法，从机制上解决跨域问题。 值得注意的是<code>Access-Control-Allow-Origin</code>头字段是资源所在服务器设置的， 访问控制的责任仍然是在提供资源的服务器一方，这和<code>JSONP</code>是一样的</li>
</ul>

      </div>
    
  </div>

</article>

<button class="assist-btn2 circle" id="assist_btn2" title="点亮屏幕" style="left: 27px; top: 152px;">
  <i class="iconfont" style="display:inline-block;color:red;width:20px;height:20px;">&#xe61d;</i>
</button>
<button class="assist-btn1 circle" id="assist_btn1" title="关闭屏幕亮度" style="left: 27px; top: 152px;">
  <i class="iconfont toc-title" style="display:inline-block;color:red;width:20px;height:20px;">&#xe61d;</i>
</button>


<script src="//cdn.bootcss.com/jquery/3.1.1/jquery.min.js"></script>	

<script src="https://my.openwrite.cn/js/readmore.js" type="text/javascript"></script>
<script>
  const btw = new BTWPlugin();
  btw.init({
    id: "container",
    blogId: "22699-1592137983091-414",
    name: "前端进阶之旅",
    qrcode: "https://poetries1.gitee.io/img-repo/2020/06/qrcode.jpg",
    keyword: "3a3b3c",
  });
</script>

<script type="text/javascript">

// white theme
var body = {color: "#555", background: "#000"};
var a_tag = {color: "#222"};
var header = { background: "#222"};
var logo_line_i = {background: "#222"};
// var post_code = {background: "#eee", color: "#222"};

function switch_theme() {
 $("body").css(body);
 $("a:not('.links-of-author-item a, .site-state-item a, .site-state-posts a, .feed-link a, .motion-element a, .post-tags a, .show-commit-cls a, #donate_board a')").css(a_tag);
 $(".header, .footer").css(header);
 $(".logo-line-before i, .logo-line-after i").css(logo_line_i);
 //$(".post code").css(post_code);
 $("#idhyt-surprise-ball #idhyt-surprise-ball-animation .drag").css(a_tag);
 $(".post-title-link, .posts-expand .post-meta, .post-comments-count, .disqus-comment-count, .post-category a, .post-nav-next a, .post-nav-item a").css(a_tag);
 
 // $("code").css({color: '#c5c8c6', background: '#1d1f21'});
 //$("#assist_btn1").hide(1500);
}

$(function () {
$("#assist_btn2").css("display","none");
 $("#assist_btn1").click(function() {
     switch_theme();
$("div#toc.toc-article").css({
 "background":"#eaeaea",
 "opacity":1
});
$(".toc-article ol").show();
$("#toc.toc-article .toc-title").css("color","#a98602");
$("#assist_btn1").css("display","none");
$("#assist_btn2").css("display","block");
 });
$("#assist_btn2").click(function() {
$("#assist_btn2").css("display","none");
$("#assist_btn1").css("display","block");
$("body").css("background","url(http://www.miaov.com/static/ie/images/news/bg.png)")
     $(".header, .footer").css("background","url(http://www.miaov.com/static/ie/images/news/bg.png)")
$(".toc-article ol").toggle(1000);
 });
});


//背景随机

var Y, O, E, L, B, C, T, z, N, S, A, I;
!function() {
var e = function() {
for (O.clearRect(0, 0, L, B), T = [{
x: 0,
y: .7 * B + C
}, {
x: 0,
y: .7 * B - C
}]; T[1].x < L + C;) t(T[0], T[1])
}, t = function(e, t) {
O.beginPath(), O.moveTo(e.x, e.y), O.lineTo(t.x, t.y);
var n = t.x + (2 * I() - .25) * C,
 r = a(t.y);
O.lineTo(n, r), O.closePath(), N -= S / -50, O.fillStyle = "#" + (127 * A(N) + 128 << 16 | 127 * A(N + S / 3) + 128 << 8 | 127 * A(N + S / 3 * 2) + 128).toString(16), O.fill(), T[0] = T[1], T[1] = {
 x: n,
 y: r
}
}, a = function n(e) {
var t = e + (2 * I() - 1.1) * C;
return t > B || t < 0 ? n(e) : t
};
Y = document.getElementById("evanyou"), O = Y.getContext("2d"), E = window.devicePixelRatio || 1, L = window.innerWidth, B = window.innerHeight, C = 90, z = Math, N = 0, S = 2 * z.PI, A = z.cos, I = z.random, Y.width = L * E, Y.height = B * E, O.scale(E, E), O.globalAlpha = .6, document.onclick = e, document.ontouchstart = e, e()
}()

   
$("#toc-eye").click(function(){
$("#toc.toc-article").toggle(1000);
});

</script>


   
  <div class="text-center donation">
    <div class="inner-donation">
      <span class="btn-donation">支持一下</span>
      <div class="donation-body">
        <div class="tip text-center">扫一扫，支持poetries</div>
        <ul>
        
          <li class="item">
            
              <span>微信扫一扫</span>
            
            <img src="/images/weixin.jpg" alt="">
          </li>
        
          <li class="item">
            
              <span>支付宝扫一扫</span>
            
            <img src="/images/zhifubao.jpg" alt="">
          </li>
        
        </ul>
      </div>
    </div>
  </div>


   
  <div class="box-prev-next clearfix">
    <a class="show pull-left" href="/2017/09/12/js-calc-str-byte/">
        <i class="icon icon-angle-left"></i>
    </a>
    <a class="show pull-right" href="/2017/09/17/set-map/">
        <i class="icon icon-angle-right"></i>
    </a>
  </div>




</div>


  <a id="backTop" class="back-top">
    <i class="icon-angle-up"></i>
  </a>




  <div class="modal" id="modal">
  <span id="cover" class="cover hide"></span>
  <div id="modal-dialog" class="modal-dialog hide-dialog">
    <div class="modal-header">
      <span id="close" class="btn-close">关闭</span>
    </div>
    <hr>
    <div class="modal-body">
      <ul class="list-toolbox">
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/archives/"
              rel="noopener noreferrer"
              target="_self"
              >
              博客
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/categories/"
              rel="noopener noreferrer"
              target="_self"
              >
              分类
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/tags/"
              rel="noopener noreferrer"
              target="_self"
              >
              标签
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/search/"
              rel="noopener noreferrer"
              target="_self"
              >
              搜索
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/link/"
              rel="noopener noreferrer"
              target="_self"
              >
              友链
            </a>
          </li>
        
          <li class="item-toolbox">
            <a
              class="CIRCLE"
              href="/about/"
              rel="noopener noreferrer"
              target="_self"
              >
              关于
            </a>
          </li>
        
      </ul>

    </div>
  </div>
</div>



  
      <div class="fexo-comments comments-post">
    

    

    
    

    

    
    

    

<!-- Gitalk评论插件通用代码 -->
<div id="gitalk-container"></div>

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/gitalk@1/dist/gitalk.css">
<script src="https://cdn.jsdelivr.net/npm/gitalk@1/dist/gitalk.min.js"></script>
<script>
const gitalk = new Gitalk({
  clientID: '5567a2c4abb858009d96',
  clientSecret: 'b9039ec056cf5c2346b3cdb63308a28c163f91e5',
  repo: 'poetries.github.io',
  owner: 'poetries',
  // 在这里设置一下截取前50个字符串, 这是因为 github 对 label 的长度有了要求, 如果超过
  // 50个字符串则会报错.
  // id: location.pathname.split('/').pop().substring(0, 49),
  id: location.pathname,
  admin: ['poetries'],
  // facebook-like distraction free mode
  distractionFreeMode: false
})
gitalk.render('gitalk-container')
</script>
<!-- Gitalk代码结束 -->



  </div>

  

  <script type="text/javascript">
  function loadScript(url, callback) {
    var script = document.createElement('script')
    script.type = 'text/javascript';

    if (script.readyState) { //IE
      script.onreadystatechange = function() {
        if (script.readyState == 'loaded' ||
          script.readyState == 'complete') {
          script.onreadystatechange = null;
          callback();
        }
      };
    } else { //Others
      script.onload = function() {
        callback();
      };
    }

    script.src = url;
    document.getElementsByTagName('head')[0].appendChild(script);
  }

  window.onload = function() {
    loadScript('/js/bundle.js?235683', function() {
      // load success
    });
  }
</script>


  <!-- 页面点击小红心 -->
  <script type="text/javascript" src="/js/clicklove.js"></script>
 
  
</body>
</html>
